summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* Merge pull request #7592 from mheon/force_attach_winchOpenShift Merge Robot2020-09-11
|\ | | | | Force Attach() to send a SIGWINCH and redraw
| * Force Attach() to send a SIGWINCH and redrawMatthew Heon2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Basically, we want to force the application in the container to (iff the container was made with a terminal) redraw said terminal immediately after an attach completes, so the fresh Attach session will be able to see what's going on (e.g. will have a shell prompt). Our current attach functions are unfortunately geared more towards `podman run` than `podman attach` and will start forwarding resize events *immediately* instead of waiting until the attach session is alive (much safer for short-lived `podman run` sessions, but broken for the `podman attach` case). To avoid a major rewrite, let's just manually send a SIGWINCH after attach succeeds to force a redraw. Fixes #6253 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #7591 from haircommander/play-kube-process-namespaceOpenShift Merge Robot2020-09-11
|\ \ | | | | | | play/generate: support shareProcessNamespace
| * | play/generate: support shareProcessNamespacePeter Hunt2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | this is an option that allows a user to specify whether to share PID namespace in the pod for play kube and generate kube associated test added Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #7593 from edsantiago/network_test_cleanupOpenShift Merge Robot2020-09-11
|\ \ \ | | | | | | | | run_networking e2e test: add cleanup to some tests
| * | | run_networking e2e test: add cleanup to some testsEd Santiago2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: if either of the two "podman network create" tests fail, all subsequent retries will also fail because the created network has not been cleaned up (so "network create" will fail with EEXIST). Solution: run "podman network rm" as deferred cleanup instead of in each test. This is NOT a fix for #7583 - it is just a way to allow ginkgo to retry a failing test. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7587 from ParkerVR/kube-underscoresOpenShift Merge Robot2020-09-11
|\ \ \ \ | | | | | | | | | | Allowed underscores to remain in name for YAML (Kube generate)
| * | | | allowed underscores to remain in name for YAMLParker Van Roy2020-09-10
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | | | | Merge pull request #7586 from ashley-cui/rokubeOpenShift Merge Robot2020-09-11
|\ \ \ \ \ | | | | | | | | | | | | Add read-only volume mount to play kube
| * | | | | Add read-only mount to play kubeAshley Cui2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for read-only volume mounts in podman play kube Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | | Merge pull request #7584 from QiWang19/login-docOpenShift Merge Robot2020-09-11
|\ \ \ \ \ \ | | | | | | | | | | | | | | [CI:DOCS] Add auth.json(5) link to login/logout docs
| * | | | | | Add auth.json(5) link to login/logout docsQi Wang2020-09-10
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add auth.json(5) link to login/logout docs. Provide more details about the usage of auth.json by podman-login. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | | Merge pull request #7590 from edsantiago/batsOpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | system tests: cleanup
| * | | | | system tests: cleanupEd Santiago2020-09-10
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - run tests: better "skip" message for docker-archive test; remove FIXME, document that podman-remote doesn't support it - run tests: instrument the --conmon-pidfile test in hopes of tracking down flake #7580: cross-check pidfile against output of 'podman inspect', and add some debug messages that will only be seen on test failure. - load tests: the pipe test: save and load a temporary tag, not $IMAGE. Primary reason is because of #7371, in which 'podman load' assigns a new image ID (instead of preserving the saved one). This messes with our image management, and it turns out to be nonfixable. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #7541 from mheon/modify_groupOpenShift Merge Robot2020-09-10
|\ \ \ \ \ | |/ / / / |/| | | | Make an entry in /etc/group when we modify /etc/passwd
| * | | | Make an entry in /etc/group when we modify /etc/passwdMatthew Heon2020-09-10
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To ensure that the user running in the container ahs a valid entry in /etc/passwd so lookup functions for the current user will not error, Podman previously began adding entries to the passwd file. We did not, however, add entries to the group file, and this created problems - our passwd entries included the group the user is in, but said group might not exist. The solution is to mirror our logic for /etc/passwd modifications to also edit /etc/group in the container. Unfortunately, this is not a catch-all solution. Our logic here is only advanced enough to *add* to the group file - so if the group already exists but we add a user not a part of it, we will not modify that existing entry, and things remain inconsistent. We can look into adding this later if we absolutely need to, but it would involve adding significant complexity to this already massively complicated function. While we're here, address an edge case where Podman could add a user or group whose UID overlapped with an existing user or group. Also, let's make users able to log into users we added. Instead of generating user entries with an 'x' in the password field, indicating they have an entry in /etc/shadow, generate a '*' indicating the user has no password but can be logged into by other means e.g. ssh key, su. Fixes #7503 Fixes #7389 Fixes #7499 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Merge pull request #7577 from rhatdan/runlabel1OpenShift Merge Robot2020-09-10
|\ \ \ \ | | | | | | | | | | podman container runlabel should pull the image if it does not exist
| * | | | podman container runlabel should pull the image if it does not existDaniel J Walsh2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since --pull is deprecated, remove it from help and hide if from --help Also set it to true by default. Share image pull code betweern podman image pull and podman container runlabel. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7578 from giuseppe/join-userns-reuse-mappingsOpenShift Merge Robot2020-09-10
|\ \ \ \ \ | |_|_|/ / |/| | | | libpod: read mappings when joining a container userns
| * | | | libpod: read mappings when joining a container usernsGiuseppe Scrivano2020-09-10
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when joining an existing container user namespace, read the existing mappings so the storage can be created with the correct ownership. Closes: https://github.com/containers/podman/issues/7547 Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* | | | Merge pull request #7582 from rhatdan/VENDOROpenShift Merge Robot2020-09-10
|\ \ \ \ | | | | | | | | | | vendor containers/storage v1.23.5
| * | | | vendor containers/storage v1.23.5Daniel J Walsh2020-09-10
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #7460 from AkihiroSuda/allow-rootless-cniOpenShift Merge Robot2020-09-10
|\ \ \ \ \ | | | | | | | | | | | | rootless: support `podman network create` (CNI-in-slirp4netns)
| * | | | | rootless: support `podman network create` (CNI-in-slirp4netns)Akihiro Suda2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Usage: ``` $ podman network create foo $ podman run -d --name web --hostname web --network foo nginx:alpine $ podman run --rm --network foo alpine wget -O - http://web.dns.podman Connecting to web.dns.podman (10.88.4.6:80) ... <h1>Welcome to nginx!</h1> ... ``` See contrib/rootless-cni-infra for the design. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
| * | | | | add contrib/rootless-cni-infraAkihiro Suda2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | | | Merge pull request #7574 from vrothberg/fix-7117OpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ | | | | | | | | | | | | | | remote run: consult events for exit code
| * | | | | | remote run: consult events for exit codeValentin Rothberg2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After attaching to a container, we wait for the container to finish and return its exit code. Waiting for the container may not always succeed, for instance, when the container has been force removed by another process. In such case, we have to look at the *last* container-exit event. Also refactor the `ContainerRun` method a bit to return early on errors and de-spaghetti the code. Enable the remote-disabled system test. Fixes: #7117 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | | Merge pull request #7576 from openSUSE/manifest-add-extend-flagsOpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Extend the flags of the `manifest add` command
| * | | | | | | Extend bash completion to cover new flagsFlavio Castelli2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure the new flags added to `manifest add` are known to bash completion. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
| * | | | | | | Update man page of `manifest add`Flavio Castelli2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ensure all the flags are covered by the man page. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
| * | | | | | | manifest push: handle cert-dir flagFlavio Castelli2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit the value of the `--cert-dir` flag specified for `podman manifest push` was not handled by the internal code. That resulted in `podman manifest push` not reading the certificates stored inside of the directory specified by the user. Signed-off-by: Flavio Castelli <fcastelli@suse.com>
| * | | | | | | Extend flags of `manifest add`Flavio Castelli2020-09-09
| | |_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Extend the flags of `podman manifest add` to include also: * cert-dir * auth-file * creds * tls-verify These options are useful when adding to a manifest an image that is not part of the local image store. The image resides on a remote registry that falls into one of these cases: it's not using tls termination, it requires authentication or it's secured with an unknown tls certificate. Consider the following scenario: a multi architecture manifest is created as part of a multi-step CI pipeline running in a containerized way. All the images referenced by the manifest live inside of a registry secured with a self-signed tls certificate. Without this patch the manifest creation step would have to pull all the multi-architecture images locally via `podman pull`. With this patch the usage of `podman pull` would not be needed because the images' digests can be requested straight to the registry. That means the execution of manifest creation step would be faster and result in less disk space and network bandwidth being used. Finally, this is a propagation of a similar fix done inside of buildah via https://github.com/containers/buildah/pull/2593 Signed-off-by: Flavio Castelli <fcastelli@suse.com>
* | | | | | | Merge pull request #7579 from ↵OpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | containers/dependabot/go_modules/k8s.io/apimachinery-0.19.1 Bump k8s.io/apimachinery from 0.19.0 to 0.19.1
| * | | | | | | Bump k8s.io/apimachinery from 0.19.0 to 0.19.1dependabot-preview[bot]2020-09-10
| | |_|_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.19.0 to 0.19.1. - [Release notes](https://github.com/kubernetes/apimachinery/releases) - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.19.0...v0.19.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | | Merge pull request #7566 from ashley-cui/remotdocsOpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | [CI:DOCS] Update remote tutorials
| * | | | | | | [CI:DOCS] Update remote tutorialsAshley Cui2020-09-08
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | update remote tutorial update mac/windows tutorial move varlink tutorial Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | | | | Merge pull request #7536 from Luap99/api-network-filterOpenShift Merge Robot2020-09-10
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | APIv2 Add network list filtering
| * | | | | | Fix typo in the remove network api docPaul Holzinger2020-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | | | | APIv2 Add network list filteringPaul Holzinger2020-09-07
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the filter option to the libpod endpoint. Add support for the name filter on the docker endpoint. Add apiv2 tests for the network list endpoints. Enable podman network integration tests for remote. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | | | Merge pull request #7485 from cevich/migrate_packerOpenShift Merge Robot2020-09-09
|\ \ \ \ \ \ | |_|_|_|_|/ |/| | | | | Cirrus: Obsolete CI:IMG process & related files
| * | | | | Cirrus: Obsolete CI:IMG process & related filesChris Evich2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All VM-building functionality has been migrated to https://github.com/containers/automation_images Some container-build functions are still maintained here but are on a very-short list to also be migrated to the repository linked above. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | | | Merge pull request #7575 from rhatdan/runlabelOpenShift Merge Robot2020-09-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix podman container runlabel --display
| * | | | | | Fix podman container runlabel --displayDaniel J Walsh2020-09-09
| | |_|_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Current podman container runlabel --display is being ignored. This is just supposed to display the command that would be run, and then exit, but instead is actually running the command. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877186 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7573 from rhatdan/oomOpenShift Merge Robot2020-09-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | Make oom-score-adj actually work
| * | | | | | Make oom-score-adj actually workDaniel J Walsh2020-09-09
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During the redesign of podman 2.0, we dropped the support for --oom-score-adj. Test for this flag was bogus and thus passing when it was broken. Basically just need to set the value in the spec. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877187 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | | Merge pull request #7572 from vrothberg/fix-7135OpenShift Merge Robot2020-09-09
|\ \ \ \ \ \ | | | | | | | | | | | | | | remote kill: don't wait for the container to stop
| * | | | | | compat kill: only wait for 0 signal and sigkillValentin Rothberg2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker does not wait unconditionally. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | | | | | remote kill: don't wait for the container to stopValentin Rothberg2020-09-09
| |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Invert the branch logic to match the comment. Docker seems to wait for the container while Podman does not. Enable the remote-disabled system test as well. Fixes: #7135 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | | Merge pull request #7290 from rhatdan/externalOpenShift Merge Robot2020-09-09
|\ \ \ \ \ \ | |_|/ / / / |/| | | | | Show c/storage (Buildah/CRI-O) containers in ps
| * | | | | Show c/storage (Buildah/CRI-O) containers in psDaniel J Walsh2020-09-09
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `podman ps --all` command will now show containers that are under the control of other c/storage container systems and the new `ps --storage` option will show only containers that are in c/storage but are not controlled by libpod. In the below examples, the '*working-container' entries were created by Buildah. ``` podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9257ef8c786c docker.io/library/busybox:latest ls /etc 8 hours ago Exited (0) 8 hours ago gifted_jang d302c81856da docker.io/library/busybox:latest buildah 30 hours ago storage busybox-working-container 7a5a7b099d33 localhost/tom:latest ls -alF 30 hours ago Exited (0) 30 hours ago hopeful_hellman 01d601fca090 localhost/tom:latest ls -alf 30 hours ago Exited (1) 30 hours ago determined_panini ee58f429ff26 localhost/tom:latest buildah 33 hours ago storage alpine-working-container podman ps --external CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d302c81856da docker.io/library/busybox:latest buildah 30 hours ago external busybox-working-container ee58f429ff26 localhost/tom:latest buildah 33 hours ago external alpine-working-container ``` Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>